Chapter 11 Staying Protected—The Business
Modern technology and globalization have made it possible for a single attacker to wage war against a company and even a country, and win! Technological advances make it possible for attackers to continuously develop and improve tactics. This results in ever-changing threats, which are made all the more pernicious by the interconnectivity we've grown into.
Moreover, technologies have led to extremely sophisticated and powerful criminal networks that are hard to identify and uncover even when operating under our noses. To thwart such attacks and threats, huge amounts of resources would have to be dedicated to security by the government, but those resources aren't there. The gap is therefore bridged more and more by the private sector.
Criminal organizations come in many forms and can take unlimited actions that can't always be forecast accurately. This is where learning to think like them comes into play. Looking at your organization through their mental filter can show you not only how you are vulnerable, but where. Indicators of attack (IOA) focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware, tools or exploits they use. An Indicator of Compromise-based (IOC-based) detection approach does not identify the rising threats from malware-free intrusions or even zero-day exploits. This is where an IOA-based approach, pioneered by CrowdStrike, becomes useful (https://www.crowdstrike.com/cybersecurity-101/indicators-of-compromise/ioa-vs-ioc/ ...
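
The difference between the two detection approaches can be seen on a handful of process events. This is an added example, not code from the book or from CrowdStrike; the event fields, the rule inputs and the hashes are all constructed for illustration.

```python
# Added example. Events, hashes and rule inputs below are constructed, not real data.
DOC_APPS = {"winword.exe", "excel.exe"}           # assumed rule input
INTERPRETERS = {"powershell.exe", "wscript.exe"}  # assumed rule input
KNOWN_BAD = {"f" * 64}                            # constructed IOC feed entry

# Constructed telemetry: one row per process start.
EVENTS = [
    {"pid": 10, "ppid": 1, "image": "explorer.exe", "sha256": "a" * 64, "outbound": False},
    # Malware-free chain: only legitimate binaries, so no hash is on any list.
    {"pid": 20, "ppid": 10, "image": "winword.exe", "sha256": "b" * 64, "outbound": False},
    {"pid": 21, "ppid": 20, "image": "powershell.exe", "sha256": "c" * 64, "outbound": True},
    # Ordinary admin use of the same interpreter, started from the shell.
    {"pid": 30, "ppid": 10, "image": "powershell.exe", "sha256": "c" * 64, "outbound": True},
    # Commodity malware whose hash is already known.
    {"pid": 40, "ppid": 10, "image": "invoice.exe", "sha256": "f" * 64, "outbound": True},
]


def ioc_matches(events, known_bad):
    """IOC-style: flag a process only if its file hash is on the known-bad list."""
    return [e["pid"] for e in events if e["sha256"] in known_bad]


def ioa_matches(events):
    """IOA-style: flag the behaviour 'a document app starts an interpreter
    that then makes an outbound connection', whatever the hashes are."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if (parent is not None
                and parent["image"] in DOC_APPS
                and e["image"] in INTERPRETERS
                and e["outbound"]):
            hits.append(e["pid"])
    return hits


if __name__ == "__main__":
    print("IOC hits:", ioc_matches(EVENTS, KNOWN_BAD))  # known malware only
    print("IOA hits:", ioa_matches(EVENTS))             # the malware-free chain
```

The hash list catches only the sample it already knows about, while the behavioural rule flags the chain built from legitimate binaries and leaves the administrator's own interpreter session alone.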